REMARKS 

In view of the above amendments and the following remarks, reconsideration of 
the rejection and further examination are respectfully requested. 

The specification and abstract have been reviewed and revised to improve their 
English grammar. The amendments to the specification and abstract have been 
incorporated into a substitute specification and abstract. Attached are two versions of the 
substitute specification, a marked-up version showing the revisions, as well as a clean 
version. No new matter has been added. 

Original claims 1-14 have been cancelled without prejudice or disclaimer of the 
subject matter contained therein and replaced by new claims 15-22. The new claims have 
been drafted to recite features which distinguish the present invention from the reference 
relied upon in the rejection discussed below. 

Claims 1-14 were rejected under 35 U.S.C. § 102(b) as being anticipated by 
Shwed et al. (U.S. 5,835,726). This rejection is believed clearly inapplicable to new 
claims 15-22 for the following reasons. 

New independent claim 15 recites a method of controlling access of a terminal to 
a server, wherein the access is controlled via a repeater which connects the terminal 
(from an outside network) to the server (from an inside network). The method of claim 
15 includes (1) limiting, via the repeater, a transmission of packets from the terminal to 
the server according to a bandwidth represented by first conditions. Further, the method 
of claim 15 includes (2) changing conditions limiting the transmission of the packets to 
second conditions generated from the first conditions when the server acknowledges a 
connection between the server and the terminal in which the transmission of the packets 
is limited according to the first conditions. Finally, claim 15 recites that (3) the 
bandwidth limitation represented by each of the first conditions is narrower than the 
bandwidth limitation represented by each of the second conditions. Shwed fails to 
disclose or suggest the above-mentioned features (1)-(3) recited in independent claim 15. 

Rather, the object of Shwed is to provide "an encryption scheme for securing the 
flow of data" on a network (see col. 2, lines 62-64; and col. 6, lines 65 and 66). Further, 
in relation to data flow, Shwed teaches that encryption is performed without changing the 
length of the packet in order to increase the efficiency and bandwidth of encrypted traffic 
(see col. 17, lines 55-58). Therefore, it is evident that Shwed merely teaches the use of 
an encryption technique that does not change the length of a packet which, as a result, 
increases a bandwidth of encrypted traffic. 

Thus, in view of the above, it is clear that Shwed teaches the adoption of a 
specific encryption technique which increases the bandwidth of encrypted traffic, but 
does not disclose or suggest limiting a transmission of packets to a bandwidth represented 
by first conditions and changing the conditions limiting the transmission to second 
conditions generated from the first conditions when the server acknowledges that the 
transmission of the packets is limited according to the first conditions, as recited in claim 
15. In other words, although Shwed discloses increasing the bandwidth of encrypted 
traffic, Shwed does not disclose or suggest limiting a transmission to various bandwidths 
represented by first and second conditions, as required by claim 15. 

In addition, it is apparent that Shwed does not disclose or suggest first conditions 
which represent a bandwidth limitation that is narrower than the bandwidth limitation 
represented by second conditions, as required by claim 15. 

Moreover, it is noted that the result of the invention of Claim 15 is that 
information related to packets is analyzed in order to allocate the proper bandwidth for 
the transmission of the packets by changing (i.e., reducing or increasing) the bandwidth 
available to the transmitted packets. Accordingly, this changing of the allocated 
bandwidth prevents users of terminals connected to the server from utilizing more 
bandwidth than what is allocated based on the information related to the packets. 

In view of the above, it is clear that the effect of Shwed is an increase in the 
overall bandwidth available to encrypted traffic by maintaining compression. However, 
this effect of Shwed does not result in changing the allocated bandwidth to prevent users 
from utilizing more bandwidth (regardless of compression) than what is allocated based 
on the information related to the packets, which is the effect of the invention of claim 15 
as discussed above. Therefore, independent claim 15 is not anticipated by Shwed. 

Furthermore, in view of the above, there is no disclosure or suggestion in Shwed 
or elsewhere in the prior art of record which would have caused a person of ordinary skill 
in the art to modify Shwed to obtain the invention of independent claim 15. Accordingly, 
it is respectfully submitted that independent claim 15 and claims 16-19 which depend 
therefrom are clearly allowable over the prior art of record. 

New independent claim 20 recites a server for controlling access of a terminal to 
the server. New claim 20 recites features that correspond to the above-mentioned 
distinguishing features of independent claim 15 (e.g., bandwidth limitation according to 
first condition and second condition). Thus, for the same reasons discussed above, it is 
respectfully submitted that claim 20 and claims 21 and 22 which depend therefrom are 
allowable over Shwed. 

In view of the above amendments and remarks, it is submitted that the present 
application is now in condition for allowance and an early notification thereof is earnestly 
requested. The Examiner is invited to contact the undersigned by telephone to resolve 
any remaining issues. 



ALD(NEP)/nrj 

Washington, D.C. 20006-1021 
Telephone (202) 721-8200 
Facsimile (202) 721-8250 
December 20, 2007 



Respectfully submitted, 



Satoshi ANDO et al. 




Andrew L. Dunlap 
Registration No. 60,554 
Attorney for Applicants 
Version with Markings 

ACCESS-CONTROLLING METHOD, REPEATER, AND SERVER 

BACKGROUND OF THE INVENTION 
[0001] 1. Field of the Invention 

[0002] The present invention relates to an access-controlling method, a repeater, and a 
server. 

[0003] 2. Description of the Related Art 

[0004] First, in this specification, a position where information to be protected and a 
server which manages the protected information exist is called an inner position, and a 
position which communicates via a network is called an outer position in relation to the 
inner position. 

[0005] An access control (called a firewall or packet filtering) is now used in order to 
protect the inner position from illegal access. Illegal access is, for example, accessing an 
inner position illegally from the outer position, blocking inner-position service from an 
outer position, and carrying confidential information out from the inner position to the 
outer position. Devices which take charge of the access control are one of or both of a 
server itself which offers service, and a repeater which relays communication to the 
server (for example, a router etc.). 

[0006] Prior references regarding the prior access control include reference 1 (published 
Japanese Patent Application Laid-Open No. Hei 8-44642), reference 2 (Japanese 
translation of PCT international application No. Hei 10-504168), and reference 3 
(published Japanese Patent Application Laid-Open No. 2000-124955). 
[0007] Prior references regarding bandwidth control in TCP/IP, which is a typical 
network protocol, IPSec, and FlowLabel of IPv6 include non-patented reference 1 
(reference name: "Internet QoS," coauthored by Paul Ferguson and Geoff Huston, 
translation supervised by Iwao Toda, date of issue: May 5, 2000), non-patented 
reference 2 (reference name: RFC2401 "IP Encapsulating Security Payload (ESP)," 
coauthored by S. Kent and R. Atkinson, date of issue: November, 1998), and 
non-patented reference 3 (reference name: RFC2460 "Internet Protocol, Version 6 (IPv6) 
Specification", coauthored by S. Deering and R. Hinden, date of issue: November, 
1998). 

[0008] (Problem 1) Measures for P2P (peer-to-peer) communication 

[0009] In the prior access control, control of a choice between two alternatives of 
whether to transmit a packet or to discard the packet is basically performed. 

[0010] When a server offers service completely open to the public, for example, the 
WEB service which can be accessed from the Internet, the access control is basically 
just to transmit the packet to the server. 

[0011] When the server offers service with which access is restricted to a fixed range, 
for example, the file-sharing service by which access is limited to a network in the 
company, all the packets out of the fixed range are to be discarded. 
[0012] However, when the server offers mail service to a computer which belongs to an 
employee who has moved outside the company on a business trip, the above-described 
access control cannot deal with the case. This is because, in such a case, the IP address 
and port number of the computer which belongs to the employee are changed if the 
employee moves outside the company. 

[0013] In references 1 to 3, some proposals are made for such a subject. However, 
these proposals are inadequate for P2P communication. 

[0014] In these references, when the packet is transmitted to an outer position from an 
inner position, the judging condition of the access control is dynamically changed so 
that a packet in the reverse direction is allowed to be transmitted in judging 
transmission/discard of the packet. Thereby, it is supposed that bidirectional 
communication is performed between the outer position and the inner position. 
[0015] However, with such an art, unless a packet is transmitted towards the outer 
position from the inner position, the bidirectional communication cannot be performed. 
In short, it is impossible to perform bidirectional communication after transmitting a 
packet to the inner position from the outer position first. 

[0016] (Problem 2) Vulnerability to a DOS (Denial of Service) attack 
[0017] To cope with Problem 1, it is considered to set up statically a judging condition 
under which a packet that fulfills specific conditions is allowed to be transmitted. 
However, since an address of a terminal is dynamically set up by DHCP in the present 
ISP and hot spot, it is next to impossible to lay down such specific conditions as a 
matter of fact. 

[0018] If such a setup is performed, occurrence of a DOS attack by a person with 
malice who forges a packet which fulfills the judging conditions cannot be prevented. 

[0019] In reference 3, usable bandwidth is controlled by using traffic shaping against 
illegal access of the DOS attack. However, when the packet by illegal access and the 
packet by legal access are intermingled and flowing, the traffic shaping may result in 
unjustly restricting the bandwidth of communication by the legal access. Therefore, it is 
extremely difficult to limit the traffic shaping only to the packet by the illegal access. 

[0020] (Problem 3) Measures to encryption 

[0021] In the prior access control, information in a packet is referred to in judgment of 
transmission/discard. However, when the packet is encrypted in order to prevent 
wiretapping by a third person, since the information in the packet cannot be referred to 
in the access control, the judgment of the transmission/discard becomes impossible. 
OBJECTS AND SUMMARY OF THE INVENTION 

[0022] An object of the present invention is to offer an access-controlling method which 
can perform more flexible access control and can correspond to encryption of a packet, 
and an art related thereto. 

[0023] A first aspect of the present invention provides an access-controlling method for 
controlling access of a terminal of an outside network to a server of an inside network 
using a repeater, the inside network and the outside network being relayed by the 
repeater. The access-controlling method includes permitting transmission of packets 
sent by the terminal to the server under limited conditions, changing conditions to 
generate changed conditions that define packet transmission from the terminal to the 
server when the server acknowledges connection between the terminal and the server 
according to the packets sent under the limited conditions, and controlling the packet 
transmission from the terminal to the server under the changed conditions. 

[0024] According to the construction described above, a terminal of the outside network 
and a server of the inside network can take at least two transmission states besides 
discarding a packet. One is a state of performing communication restricted according to 
the limited conditions, and the other is a state of communicating under looser conditions, 
or severer conditions. Therefore, a more flexible access control can be performed than 
an alternative access control of the so-called transmission/discard. Furthermore, 
bidirectional communication can be performed after transmitting the packet to the inner 
position from the outer position first. 

[0025] A second aspect of the present invention provides an access-controlling method 
as described in the first aspect, wherein the limited conditions limit bandwidth of the 
packet transmission from the terminal to the server within a predetermined range. 
[0026] According to the construction described above, even when packets by illegal 
access should reach the server before the server acknowledges connection to the 
acknowledged packet, adding a limit of the bandwidth restricts the illegal packets in 
quantity and the server can be protected from the illegal access. 
[0027] A third aspect of the present invention provides an access-controlling method as 
described in the first aspect, wherein the packets sent under the limited conditions 
include authentication information to be sent to the server. 
[0028] According to the construction described above, transmission of authentication 
information is made in a state that the limited conditions are imposed. Since only the 
terminal attested for authentication information can access the server on the changed 
conditions, the server can be protected from illegal access. 

[0029] A fourth aspect of the present invention provides an access-controlling method 
as described in the first aspect, wherein the changing conditions further comprises 
changing conditions of a flow that is defined using an address of the terminal, a port 
number of the terminal, an address of the server, and a port number of the server. 
[0030] According to the construction described above, the access control can be 
performed only for the corresponding flow, distinguished from the other flows. 
[0031] A fifth aspect of the present invention provides an access-controlling method for 
controlling access of a terminal of an outside network to a server of an inside network 
using a repeater, the inside network and the outside network being relayed by the 
repeater. The access-controlling method includes receiving encrypted packets from the 
terminal, decoding the encrypted packets, and notifying access control information 
concerning the encrypted packets to the repeater. 
[0032] According to the construction described above, even when the repeater cannot 
acquire sufficient information to be used for the access control, since packets are 
encrypted, the repeater can perform an exact access control using a notification from the 
server. 

[0033] This information includes the correspondence relationship between information 
of an encrypted portion (an upper-layer protocol class, a source/destination port 
number) that the repeater cannot refer to, and information of the non-encrypted portion 
(ID of IPv4, and Flow-Label of IPv6) which can be referred to from the repeater. 
[0034] A sixth aspect of the present invention provides an access-controlling method as 
described in the first aspect, further including storing access control information in the 
server, and storing the access control information in the repeater. Further, when the 
server changes the access control information, the server notifies the repeater that the 
access control information has changed. 
[0035] According to the construction described above, when the server tries to change 
the information independently, a notification is sent from the server. Thereby, 
consistency of the access control between the server and the repeater is maintained, and 
unity of the access control over the whole communication system can be maintained. 
[0036] The above, and other objects, features and advantages of the present invention 
will become apparent from the following description read in conjunction with the 
accompanying drawings, in which like reference numerals designate the same elements. 
BRIEF DESCRIPTION OF THE DRAWINGS 

[0037] Fig. 1 is a diagram illustrating how a communication system is constructed 
according to a first embodiment of the present invention; 

[0038] Fig. 2 is a block diagram illustrating a repeater according to the first 
embodiment; 

[0039] Figs. 3(a) to 3(d) are descriptive illustrations showing a transition of a storing 
unit according to the first embodiment; 

[0040] Fig. 4 is a flowchart illustrating the repeater according to the first embodiment; 
[0041] Fig. 5 is a block diagram illustrating the server according to the first 
embodiment; 

[0042] Fig. 6 is a flowchart illustrating the server according to the first embodiment; 
and 

[0043] Fig. 7 is a time chart showing packet transmission according to the first 
embodiment. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
[0044] Hereinafter, preferred embodiments of the present invention are now explained 
with reference to the drawings. Fig. 1 is a diagram illustrating how a communication 
system is constructed according to a first embodiment of the present invention. Fig. 2 is 
a block diagram of a repeater according to the first embodiment, and Fig. 5 is a block 
diagram of a WEB server according to the first embodiment. 

[0045] As shown in Fig. 1, the communication system has an outside network 7 
illustrated on the upper side of a repeater 6 and an inside network 1 illustrated on the 
lower side of the repeater 6. 

[0046] A LAN cable 2 is laid in the inside network 1. The repeater 6, a WEB server 3, 
an intra-office mail server 4, an intra-office DB server 5, and other client terminals (not 
illustrated) belonging to the inside network are connected to the LAN cable 2. 
[0047] The repeater 6 is connected to both networks 8 and the LAN cable 2. 
[0048] There are the networks 8 in the outside network 7, and a terminal 9 is allowed 
only to receive WEB service by the WEB server 3. On the other hand, a terminal 10 is a 
computer which an employee of a company, who usually uses the inside network 1, has 
brought on a business trip. The terminal 10 is allowed to receive service by the WEB 
server 3 and the intra-office mail server 4. 

[0049] Service of the intra-office DB server 5 can be used only inside the inside 
network 1, and access from outside the inside network 1 is forbidden. 
[0050] Here, an embodiment in which the terminal 9 is allowed to use service of the 
WEB server 3 and forbidden to use service of the intra-office mail server 4 can be 
realized by the prior alternative access control of the so-called transmission/discard, so 
the explanation regarding this point is omitted. 

[0051] A problem to be discussed in the present invention is to allow the terminal 10 to 
use the intra-office mail server 4, protecting the intra-office mail server 4 from illegal 
access. 

[0052] The repeater 6 is explained in detail using Fig. 2. First, a control unit 60 controls 
each component of the repeater 6. 

[0053] A communication unit 61 is connected to the networks 8 of the outside network 7. 
A communication unit 62 is connected to the LAN cable 2 of the inside network 1. 
[0054] A storing unit 67 comprises storage media, such as a memory. As shown in Fig. 3 
(a), in a state before connection of the terminal 10 is acknowledged, the storing unit 67 
stores information which correlatively describes, for every flow number, a flow 
concerning a packet transmitted via the communication units 61 and 62 (an address and 
a port number of a source, and an address and a port number of a destination), a 
threshold TH of a bandwidth of the corresponding flow (in the present embodiment, the 
number of packets per second is used for the bandwidth), and a measured value Vn of 
the bandwidth of the corresponding flow. This information is called flow-defining 
information hereinafter. 

[0055] Flows for which connection can be acknowledged are defined in the storing unit 
67 beforehand, and a flow which is not completely related to anyone of the flows 
defined in the storing unit 67 is eliminated as illegal access. 

[0056] A transition of the contents of the storing unit 67 is briefly summarized. A 
threshold TH of a bandwidth in the storing unit 67 is set as a small value until the 
intra-office mail server 4 of the inside network 1 acknowledges connection from the 
terminal 10 of the outside network 7. The threshold TH is changed into a bigger value 
when the intra-office mail server 4 acknowledges the connection. 
[0057] As shown in Fig. 3 (a), a total of four flows of flow numbers 1 to 4 are defined in 
the present embodiment. A flow number 1 is related with service of the intra-office DB 
server 5, and cannot be accessed from any addresses of the outside network 7 (threshold 
TH = 0). 

[0058] A flow number 2 is related with service leaving from a terminal (a server or a 
client terminal) belonging to the inside network 1 to the outside network 7, and can 
access freely from any addresses of the inside network 1 (threshold TH=infinity). 
[0059] A flow number 3 is related with service of the WEB server 3, and can access 
freely from any addresses of the outside network 7 (threshold TH=infinity). 
[0060] A flow number 4 is related with service of the intra-office mail server 4, and can 
access from any addresses of the outside network 7 under limited conditions (threshold 
TH = 10). This access is limited to POP, a protocol classification which concerns 
password transmission. 

[0061] As described later, the terminal 10 that is going to access the intra-office mail 
server 4 sends a packet according to the flow number 4 to the intra-office mail server 4 
under fixed conditions. The conditions are greatly loosened, after the intra-office mail 
server 4 issues an explicit packet which acknowledges the communication (a packet of 
which the SYN-ACK flag is turned on). 

[0062] In Fig. 2, a classifying unit 63 classifies a flow of packets according to the 
flow-defining information stored by the storing unit 67. 

[0063] A measuring unit 64 measures a bandwidth of a classified flow, and stores the 
measured value in the field of "measured value" of the corresponding flow number in 
the storing unit 67. 

[0064] A judging unit 65 compares (i) a measured value Vn and (ii) a threshold TH of 
the bandwidth, which are both stored in the storing unit 67 regarding the classified flow, 
and makes a judgment of transmitting when Vn<=TH, otherwise makes a judgment 
of discarding. 

[0065] Hereinafter, in order to simplify explanation, the judging unit 65 is assumed to 
make only two kinds of judgments: "transmitting" and "discarding." However, there are 
cases in which the judging unit 65 does not make the judgment of "discarding" a packet, 
but may make a judgment of delaying transmission of the packet or changing priority of 
the packet. These alternatives are also included in the present invention. 

[0066] In a bandwidth control unit 66, packets that the judging unit 65 has judged to 
transmit are set. The bandwidth control unit 66 sends the packets from the 
communication units 61 and 62 one by one according to a rule of the bandwidth control, 
unless the packets are discarded in the bandwidth control unit 66. 

[0067] A bandwidth control method in the bandwidth control unit 66 of the present 
embodiment is arbitrary. For example, queuing such as FIFO, RED and RIO, and 
schedulers such as PQ and WRR can be freely chosen for use. 

[0068] Next, the intra-office mail server 4 is explained in detail using Fig. 5. First, a 
control unit 40 controls each component of the intra-office mail server 4. A 
communication unit 41 is connected to a LAN cable 2. 

[0069] A storing unit 48 comprises storage media, such as a memory, and has the same 
contents as the storing unit 67 of the repeater 6 has. Although the contents of the storing 
unit 48 and the contents of the storing unit 67 may not agree with each other temporarily, 
the disagreement of this information will be immediately fixed by a change notice 
mentioned later. Of course, the transition of the storing unit 48 is basically the same as 
that of the storing unit 67. 

[0070] An application unit 42 executes an application (mail service) that realizes the 
function as the intra-office mail server 4. 

[0071] An encryption unit 43 decodes an encrypted packet. The information relating to 
the encrypted packet and usable for an access control is notified to the repeater 6 via the 
communication unit 41. 

[0072] In the packet that is encrypted by IP-Sec etc., even information that is necessary 
for classifying the packet will be encrypted during the access control. Therefore, the 
classification of the packet becomes imperfect. The information that is necessary for the 
access control can be acquired only by the intra-office mail server 4 of the source or the 
destination. The intra-office mail server 4 can decode the encrypted packet. 
[0073] In the IP of the version 6 for the TCP/IP, a flow label is introduced in order to 
enable the classification of packets even when two or more such encrypted packets are 
intermingled. However, only the source/destination terminals can judge, in terms of the 
flow label, a relation with the source/destination port number that is encrypted. 
[0074] In the present embodiment, the encryption unit 43 is provided in the intra-office 
mail server 4. When the information necessary for classification in the access control is 
acquired from the packet that is decoded, the information is not only held at the 
intra-office mail server 4, but also notified to the repeater 6. Thereby, the consistency 
between the classification processing of the repeater 6 and the classification processing 
of the intra-office mail server 4 is maintained. 

[0075] In Fig. 5, a classifying unit 44, a measuring unit 45, a judging unit 46, and a 
bandwidth control unit 47 are the same as those of the classifying unit 63, the measuring 
unit 64, the judging unit 65, and the bandwidth control unit 66 in Fig. 2. 
[0076] Thus, the classifying unit 44 classifies the flow of the packets according to the 
flow-defining information stored in the storing unit 48. 

[0077] The measuring unit 45 measures a bandwidth of the flow that is classified, and 
stores the measured value Vn in the field of "measured value" of the corresponding flow 
number in the storing unit 48. 

[0078] As for the classified flow, the judging unit 46 compares the measured value Vn 
and the threshold TH of the bandwidth that are stored in the storing unit 48. If Vn<=TH, 
the judging unit 46 makes the judgment of "transmitting". Otherwise, the judging unit 48 
makes the judgment of "discarding". 

[0079] Packets that are given the judgment of "transmitting" by the judging unit 45 are 
set in the bandwidth control unit 47. The bandwidth control unit 47 sends the packets 
one by one from the communication unit 41 according to a rule of the bandwidth 
control, as long as the bandwidth control unit 47 does not discard the packets in itself. 
[0080] The bandwidth control method in the bandwidth control unit 47 of the present 
embodiment is arbitrary. For example, queuing such as FIFO, RED and RIO, and 
schedulers such as PQ and WRR can be freely chosen to use. 
[0081] (Change notice) 

[0082] In packet exchange communication, there are two methods: (i) 
connection-oriented communication, which notifies a connection request and an explicit 
acknowledgment to the connection request, and (ii) connectionless communication, 
which does not notify a connection request or an explicit acknowledgment to the 
connection request. 

[0083] In TCP/IP, which is currently the most widespread communication protocol of 
the Internet, TCP is the connection-oriented communication, and UDP is the 
connectionless communication. 

[0084] In TCP and UDP communication, in order to perform plural communications 
independently between a pair of terminals (a server is included in the terminals), the 
terminals assign a port number for each communication. 
[0085] The classifying unit 63 of the repeater 6 refers to the source/destination address, 
the source/destination port, and the upper-layer protocol class that indicates either TCP 
or UDP communication. Thus, the classifying unit 63 of the repeater 6 is able to classify 
the plural communications. 

[0086] In TCP, the connection-oriented communication, the intra-office mail server 4, 
which has received a packet (a packet whose SYN flag in the TCP flags is "ON") that 
requests the connection, sends a packet (a packet whose SYN-ACK flag is "ON" or a 
packet whose ACK flag is "ON") that acknowledges the connection when the 
connection is acknowledged. 

[0087] On the other hand, when the connection is not acknowledged, the intra-office 
mail server 4 sends a packet (a packet whose FIN flag in the TCP flags is "ON") 
indicating that the connection is not acknowledged. 
[0088] In TCP/IP communication, to indicate explicitly that the connection is not 
acknowledged, a "Destination Unreachable" message of ICMP may be sent in 
response, in addition to the FIN packet of TCP. Sending the message is common to 
TCP and UDP communication. 

[0089] UDP is the connectionless communication which does not send or receive a 
packet requesting connection or a packet explicitly indicating acknowledged 
connection/not-acknowledged connection. In UDP communication, a packet may 
be used as a trigger for sending and receiving by referring to a set of source/destination 
address and source/destination port number of the packet. 

[0090] Since the connectionless communication does not send or receive a packet 
requesting connection or a packet explicitly indicating acknowledged 
connection/not-acknowledged connection, the judgment of the access control in the 
connectionless communication may become less accurate. 

[0091] In the present embodiment, when the intra-office mail server 4 makes an explicit 
acknowledgment of a connection to the terminal 10, irrespective of the intention of the 
repeater 6, a change notice is issued from the intra-office mail server 4 to the repeater 6. 
Thereby, the storing unit 67 of the repeater 6 and the storing unit 48 of the intra-office 
mail server 4 can share the same information. 

[0092] If the change notice is used in a better way, the access control information 
may be held by the repeater 6 and the intra-office mail server 4 in a distributed manner. 
This feature is worthy of note, compared to the prior method in which the repeater 6 
must hold all the information regarding the access control. This feature reduces the 
amount of information that the repeater 6 must possess and also reduces the processing 
burden of the repeater 6. In the repeater 6, it is not necessary to hold the information of 
a flow that is not transmitted. Therefore, the processing burden can be 
further reduced. 

[0093] By use of the change notice, agreement on the contents of the processing for the 
bandwidth control between the intra-office mail server 4 and the repeater 6 can be secured. 
[0094] Thus, the following unfavorable situations can be prevented: (i) a packet that has 
reached the repeater 6 from the intra-office mail server 4 is discarded by the repeater 6 
because of insufficient bandwidth, or (ii) the bandwidth required by another flow is 
squeezed because the repeater 6 reserves too much outward bandwidth. 
[0095] (Bandwidth control) 



[0096] In a packet exchanging network, bandwidth control can be performed only by a 
sending side of packets because of restrictions due to the system. 
[0097] Therefore, as for a packet from the intra-office mail server 4 to the repeater 6, 
the bandwidth control can be performed only by the intra-office mail server 4, whereas as for 
a packet from the repeater 6 to the intra-office mail server 4, the bandwidth control can 
be performed only by the repeater 6. 

[0098] In the present embodiment, bandwidth control units are provided in both 
the repeater 6 and the intra-office mail server 4, in order to prevent the bandwidth of the 
intra-office mail server 4 from being consumed illegitimately by responses to an illegal access 
from outside. 

[0099] Next, operation of the repeater 6 is explained referring to Fig. 4. First at Step 1, 
the control unit 60 waits for a packet to arrive at the communication unit 61 or the 
communication unit 62. 

[0100] At Step 2, when a packet arrives, the packet is confirmed whether or not it is a 
change notice from the intra-office mail server 4. If the packet is a change notice, at 
Step 3, the control unit 60 updates the contents of the storing unit 67 as the change 
notice describes. Thereby, the consistency of the contents for the storing unit 67 and the 
contents of the storing unit 48 is guaranteed. 

[0101] If the packet is not a change notice, at Step 4, the control unit 60 orders the 
classifying unit 63 to perform classification. Then, the classifying unit 63 confirms 
whether or not a flow corresponding to the packet exists in the storing unit 67. 
[0102] If the corresponding flow exists, at Step 5, the classifying unit 63 confirms 
whether or not each value (the address, the port number, etc. regarding the source and 
the destination) of the flow is fixed. The classifying unit 63 starts the confirmation from 
a flow with the largest flow number to a flow with smaller flow number, as arrows in 
Fig. 3 show. That the value is not fixed in the confirmation means that the value is 
uncertain, as shown by a symbol " * " in Fig. 3. 
[0103] When the values are not fixed, at Step 6, the classifying unit 63 adds a new entry 
(its flow number is the current largest flow number plus "1"), sets each value (the 
address, the port number, etc. regarding the source and the destination) of the new entry 
to the value acquired from the packet, and moves the processing to Step 7. When the 
values are fixed, the classifying unit 63 moves the processing from Step 5 to Step 7, 
since it is not necessary to add a new flow. 
[0104] At Step 4, if no corresponding flow exists, there is a possibility of illegal access. 
Therefore, the classifying unit 63 stops the classification and sends a notice of the 
possibility of illegal access to the control unit 60. Upon receipt of the notice, the control 
unit 60 moves the processing to Step 10 immediately and discards the packet. 
[0105] At Step 7, the measuring unit 64 measures the transmission speed of a 
corresponding flow, and the measured value Vn is set to the field of the measured value 
of the corresponding flow. 

[0106] At Step 8, the judging unit 65 compares the measured value Vn with the threshold 
TH of the corresponding flow. If Vn<=TH, the judging unit 65 makes the judgment of 
"transmitting", and the packet is outputted to the bandwidth control unit 66. Then, 
following the bandwidth control method, the bandwidth control unit 66 outputs the 
packet via the communication unit 61 or the communication unit 62, as long as the 
bandwidth control unit 66 does not itself discard the packet. 

[0107] Otherwise, the judging unit 65 makes the judgment of "discarding", and the 
packet is discarded without being outputted to the bandwidth control unit 66. 
[0108] Then, the processing after Step 1 is repeated until the processing is completed 
(Step 11). 

[0109] Next, operation of the intra-office mail server 4 is explained using Fig. 6. At Step 
31, the control unit 40 sets "OFF" as the initial value of a change flag. The flag indicates 
whether or not the contents of the storing unit 48 have been changed by a decision of the 
intra-office mail server 4. "ON" means that the contents have changed, and "OFF" 
means that the contents have not changed. If the flag is "ON", there is a 
disagreement between the contents of the storing unit 48 and the contents of the storing 
unit 67. Thus, a change notice is to be issued to the repeater 6 at the 
appropriate timing (Step 46). 

[0110] At Step 32, the control unit 40 waits for a packet to arrive at the communication 
unit 41. At Step 33, the control unit 40 performs processing of an application using 
the application unit 42 until a packet arrives. 

[0111] When a packet arrives, at Step 34, the packet is confirmed whether it has been 
encrypted or not. If the packet has been encrypted, the control unit 40 makes the 
encryption unit 43 decode the packet at Step 35, and moves the processing to Step 36. If 
the packet is not encrypted, the control unit 40 moves the processing to Step 36 from 
Step 34. 

[0112] Next, at Step 36, the control unit 40 orders the classifying unit 44 to perform 
classification. Then, the classifying unit 44 confirms whether or not a flow 
corresponding to the packet exists in the storing unit 48. 

[0113] If the flow exists, the classifying unit 44 confirms whether each value (the 
address, the port number, etc. regarding the source and the destination) of the flow is 
fixed or not at Step 37. As well as the classifying unit 63, the classifying unit 44 starts 
the confirmation from a flow with the largest flow number to a flow with smaller flow 
number, as arrows in Fig. 3 show. That the value is not fixed in the confirmation means 
that the value is uncertain, as shown by a symbol " * " in Fig. 3. 
[0114] When the values are not fixed, at Step 38, the classifying unit 44 adds a new 
entry (its flow number is the current largest flow number plus "1"), and sets each 
value (the address, the port number, etc. regarding the source and the destination) of 
the new entry to the value acquired from the packet. The change flag is set to "ON", 
since a disagreement between the contents of the storing unit 48 and the contents of 
the storing unit 67 may arise from the processing at Step 38. 
[0115] Then, the processing is moved to Step 39. At Step 39, the classifying unit 44 
confirms with the control unit 40 whether or not a packet whose SYN-ACK flag is "ON", 
acknowledging the connection to the terminal 10, will be sent. If the 
packet is to be sent, at Step 40, the value of infinity (communication is 
accepted freely) is set as the threshold TH of the corresponding flow in the storing unit 
48, in order to loosen the limited conditions of the corresponding flow, and then the 
processing is moved to Step 41. If the packet is not to be sent, the classifying unit 44 
moves the processing from Step 39 to Step 41. 

[0116] At Step 37, if the values are fixed, the classifying unit 44 moves the processing 
from Step 37 to Step 41, since it is not necessary to add a new flow. 

[0117] At Step 36, if no corresponding flow exists, there is a possibility of illegal access. 
Therefore, the classifying unit 44 stops the classification and sends a notice of the 
possibility of illegal access to the control unit 40. Upon receipt of the notice, the control 
unit 40 moves the processing to Step 44 immediately and discards the packet. 

[0118] At Step 41, the measuring unit 45 measures the transmission speed of the 
corresponding flow, and the measured value Vn is set to the field of the measured value 
of the corresponding flow. 

[0119] At Step 42, the judging unit 46 compares the measured value Vn and the 
threshold TH of the corresponding flows. If Vn<=TH, the judging unit 46 makes the 
judgment of "transmitting", and the packet is outputted to the bandwidth control unit 47. 
Then, following the bandwidth control method, the bandwidth control unit 47 outputs 
the packet via the communication unit 41, as long as the bandwidth control unit 47 by 
itself does not discard the packet. 

[0120] Otherwise, the judging unit 46 makes the judgment of "discarding", and the 
packet is discarded without being outputted to the bandwidth control unit 47. 
[0121] Then, the processing after Step 32 is repeated until the processing is completed 
(Step 48). 
[0122] The flow of processing for communication between the terminal 10 and the 
intra-office mail server 4 is explained using Figs. 7 and 3. The flow begins with the 
terminal 10 requesting a connection with the intra-office mail server 4 
under limited conditions, continues with acknowledging the connection and loosening the 
conditions, and ends with the start of smooth communication. 

[0123] First, at time tl of Fig. 7, the terminal 10 sends a packet (information including 
authentication information, such as an account and a password) whose SYN flag is 
"ON" to the intra-office mail server 4 according to the POP protocol. At this time, the 
contents of the storing unit 48 and the storing unit 67 are as shown in Fig. 3 (a). 
[0124] Since the packet belongs to the flow number 4, the communication is 
acknowledged if the measured value V4 of the flow is not greater than the threshold TH (V4<=TH). 
[0125] However, in the present example, at around the time tl, the measured value V4 is 
unfortunately greater than the threshold TH; therefore, communication fails and a 
packet whose FIN flag is "ON" is sent back to the terminal 10 from the intra-office mail 
server 4 at time t2. 

[0126] The terminal 10 reduces the transmission speed of the packet, and sends the 
packet whose SYN flag is "ON" to the intra-office mail server 4 once again at time t3. Then, 
the above-mentioned limited conditions are fulfilled, and a packet whose SYN-ACK 
flag is "ON", which acknowledges the connection, is returned from the intra-office mail 
server 4 to the terminal 10 at time t4. 

[0127] At this time, the contents of the storing unit 48 change once, as shown in Fig. 3 
(b). Thus, a new entry (flow number 5), which has copied the contents of the flow 
number 4, is created, and each value, such as the address of the terminal 10 and the port 
number, is set. 

[0128] As shown in Fig. 3 (c), for the flow number for which the connection is 
acknowledged, the threshold TH is expanded from "10" to infinity, and the conditions 
are loosened. Then, the intra-office mail server 4 notifies the repeater 6 of the change 
with a change notice. Therefore, the contents of the storing unit 67 also 
agree with the contents of Fig. 3(c). 

[0129] After time t5, smooth communication by a large bandwidth is performed. 
[0130] At time t9, in order to receive the mail service itself this time, the terminal 10 
sends a packet (information including a password) whose SYN flag is "ON" to the 
intra-office mail server 4 according to the MAIL protocol. 

[0131] Then, as shown in Fig. 3 (d), the intra-office mail server 4 adds a new entry 
(flow number 6), and the communication by the MAIL protocol is executed. Of course, 
the change of the storing unit 48 at this time is immediately notified to the repeater 6, and 
the changed contents of the storing unit 48 are immediately reflected in the storing unit 
67. 
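The operation of the repeater (Fig. 4, paragraphs [0099] to [0108]), of the intra-office mail server (Fig. 6, paragraphs [0109] to [0121]) and the sequence of Fig. 7 (paragraphs [0122] to [0131]) are simulated below. This is an added illustration, not the applicant's code: the flow numbers, the threshold TH = 10, the transmission speeds, the addresses and the port numbers are all constructed, and the retry at time t3 is assumed to reuse the terminal's source port so that it falls on the flow entry created at time t1. Because the repeater holds the same table as the server, in this simulation it is the repeater that discards the too-fast SYN at time t1; the server's FIN branch of paragraph [0087] is taken only when such a packet reaches the server.

```python
"""Simulation of the access control in [0099]-[0131]: repeater and mail server
keep the same flow table, search it from the largest flow number downward,
spawn a fixed entry from a wildcard ('*') one, compare the measured value Vn
with the threshold TH, and the server issues a change notice raising TH to
infinity once it answers a SYN with SYN-ACK.  Added illustration; every flow,
rate, address and port is a constructed value."""
import math
from dataclasses import dataclass, replace
from typing import Optional

ANY = "*"                                        # unfixed value, as drawn in Fig. 3
SERVER, TERMINAL = "10.0.0.4", "203.0.113.10"    # constructed addresses


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    rate: float = 0.0        # transmission speed the measuring unit observes (constructed)


@dataclass
class Flow:
    number: int
    proto: str
    src: object
    sport: object
    dst: object
    dport: object
    th: float                # threshold TH
    vn: float = 0.0          # measured value Vn

    def matches(self, p: Packet) -> bool:
        own = (self.proto, self.src, self.sport, self.dst, self.dport)
        got = (p.proto, p.src, p.sport, p.dst, p.dport)
        return all(a == ANY or a == b for a, b in zip(own, got))

    def fixed(self) -> bool:
        return ANY not in (self.src, self.sport, self.dst, self.dport)


class FlowTable:
    """Storing unit 67 (repeater) or 48 (server)."""
    def __init__(self, entries):
        self.flows = {f.number: replace(f) for f in entries}

    def classify(self, p: Packet) -> Optional[Flow]:
        """Steps 4-6 / 36-38.  None means no matching flow: possible illegal access."""
        for n in sorted(self.flows, reverse=True):          # largest flow number first
            f = self.flows[n]
            if not f.matches(p):
                continue
            if f.fixed():
                return f
            new = replace(f, number=max(self.flows) + 1,    # largest number + 1
                          src=p.src, sport=p.sport, dst=p.dst, dport=p.dport)
            self.flows[new.number] = new
            return new
        return None


def judge(f: Flow, p: Packet) -> str:
    """Steps 7-8 / 41-42: record Vn, transmit if Vn <= TH, otherwise discard."""
    f.vn = p.rate
    return "transmit" if f.vn <= f.th else "discard"


class Server:
    def __init__(self, table: FlowTable):
        self.table, self.change_flag, self.notices = table, False, []

    def handle(self, p: Packet):
        """Fig. 6.  Returns (verdict, response); response is 'SYN-ACK', 'FIN' or None."""
        f = self.table.classify(p)
        if f is None:
            return "discard", None                            # Step 44
        verdict, response = judge(f, p), None
        if p.syn:
            if verdict == "transmit":                         # Steps 39-40
                f.th, self.change_flag, response = math.inf, True, "SYN-ACK"
            else:
                response = "FIN"                              # [0087]: not acknowledged
        if self.change_flag:                                  # Step 46: change notice
            self.notices.append(replace(f))
            self.change_flag = False
        return verdict, response


class Repeater:
    def __init__(self, table: FlowTable):
        self.table = table

    def apply_notice(self, f: Flow):
        self.table.flows[f.number] = replace(f)               # Steps 2-3

    def handle(self, p: Packet) -> str:
        f = self.table.classify(p)                            # Steps 4-10
        return "discard" if f is None else judge(f, p)


def run_fig7():
    """Fig. 7 with constructed values: wildcard flow 4 admits SYNs to the server at
    TH = 10; the terminal sends at rate 12, is refused, retries at 8, then opens MAIL."""
    base = [Flow(4, "TCP", ANY, ANY, SERVER, ANY, th=10)]
    repeater, server = Repeater(FlowTable(base)), Server(FlowTable(base))
    log = []

    def send(p: Packet):
        r = repeater.handle(p)
        if r == "discard":
            log.append(("repeater", r))
            return
        log.append(("server",) + server.handle(p))
        for notice in server.notices:                         # change notice -> repeater
            repeater.apply_notice(notice)
        server.notices.clear()

    send(Packet("TCP", TERMINAL, 40000, SERVER, 110, syn=True, rate=12))   # t1: too fast
    send(Packet("TCP", TERMINAL, 40000, SERVER, 110, syn=True, rate=8))    # t3: retry
    send(Packet("TCP", TERMINAL, 40000, SERVER, 110, rate=50))             # t5: smooth
    send(Packet("TCP", TERMINAL, 40001, SERVER, 25, syn=True, rate=8))     # t9: MAIL
    return log, repeater.table.flows, server.table.flows
```

Calling run_fig7() returns the per-packet verdicts and the two flow tables; after the sequence both tables hold flow numbers 4, 5 and 6, with the threshold of flows 5 and 6 raised to infinity by the change notice, as in Fig. 3(c) and 3(d), while the wildcard flow 4 keeps its narrow threshold for the next new connection.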

[0132] According to the present invention, instead of binary access controls such as 
transmit/discard, a more flexible access control can be performed within the limits 
of the bandwidth, which is controlled so as not to cause difficulties for other legitimate 
communications. 

[0133] Furthermore, according to the present invention, accurate judgment regarding the 
access control for the connectionless communication or the encrypted communication, 
which has been difficult with the prior art, can be made, by sending access control 
information to the repeater from the inside network. 

[0134] Having described preferred embodiments of the invention with reference to the 
accompanying drawings, it is to be understood that the invention is not limited to those 
precise embodiments, and that various changes and modifications may be effected 
therein by one skilled in the art without departing from the scope or spirit of the 
invention as defined in the appended claims. 
ABSTRACT OF THE DISCLOSURE 

The present invention includes a repeater and a server for controlling 
access from a terminal of an outside network to the server of an inside network. 
The repeater and the server permit a packet transmission from the 
terminal to the server under limited conditions. When the server acknowledges a 
connection for the permitted packet, the transmission conditions for packets to be sent 
to the server are loosened. Subsequently, packet transmission between the 
terminal and the server is controlled under the loosened transmission conditions. As for 
encrypted packets, the server decodes the encrypted packets and notifies the repeater 
of the relevant information. 